Don't send multiple error messages in response to a single command

While a few commands (such as HELP and NOOP) are allowed in between
USER and PASS, most of the others are not.  However if such command
is issued, ftpd should abort the command evaluation early and reply
with "530 Please login with USER and PASS."

From form@, with input from deraadt@ and OK millert@

diff --git a/libexec/ftpd/ftpcmd.y b/libexec/ftpd/ftpcmd.y
index 36d9824..5a39453 100644 (file)
--- a/libexec/ftpd/ftpcmd.y
+++ b/libexec/ftpd/ftpcmd.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ftpcmd.y,v 1.65 2017/04/17 21:49:01 deraadt Exp $     */
+/*     $OpenBSD: ftpcmd.y,v 1.66 2017/04/27 13:30:54 mikeb Exp $       */
 /*     $NetBSD: ftpcmd.y,v 1.7 1996/04/08 19:03:11 jtc Exp $   */
 
 /*
@@ -956,6 +956,8 @@ check_login
                        else {
                                reply(530, "Please login with USER and PASS.");
                                $$ = 0;
+                               state = 0;
+                               YYABORT;
                        }
                }
        ;
@@ -966,6 +968,8 @@ check_login_epsvall
                        if (!logged_in) {
                                reply(530, "Please login with USER and PASS.");
                                $$ = 0;
+                               state = 0;
+                               YYABORT;
                        } else if (epsvall) {
                                reply(501, "the command is disallowed "
                                    "after EPSV ALL");